Skip to content

Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector

High severity GitHub Reviewed Published Jun 19, 2023 to the GitHub Advisory Database • Updated Nov 8, 2023
Withdrawn This advisory was withdrawn on Jun 19, 2023

Package

composer studio-42/elfinder (Composer)

Affected versions

< 2.1.62

Patched versions

2.1.62

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-wm5g-p99q-66g4. This link is maintained to preserve external references.

Original Description

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

References

Published by the National Vulnerability Database Jun 19, 2023
Published to the GitHub Advisory Database Jun 19, 2023
Reviewed Jun 19, 2023
Withdrawn Jun 19, 2023
Last updated Nov 8, 2023

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-3p2q-mh7q-9pxj

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.